Comparing Cloudflare vs. Zscaler 
Which better fuels transformation? 


Zero Trust implementation 
doesn't have to be so hard 


Don't lock yourself out of your own future 


Cloudflare helps you move quickly and nimbly as the 
future of networking evolves. 


Simple deployment, network resiliency, and swift 
innovation provide a stronger foundation for true 
transformation of networking, security, and applications. 


Three reasons customers choose Cloudflare over Zscaler 
1. Simplicity to deploy fast

Cloudflare customers value a uniform and composable platform for easy setup and operations.
They do not want piecemeal services that lead to a more time-consuming, error-prone experience.

2. Trusted connectivity to protect reliably

The Cloudflare global network is built with end-to-end traffic automation for reliability and
performance that customers trust. No one wants manual connectivity to many cloud networks that
forces security tradeoffs.

3. Future-proof to evolve rapidly

Cloudflare is architected to integrate innovations into the same network that customers use to
evolve fast. No one wants new services bolted on or stagnating adoption of new standards that
delays their future.

Pick an architecture designed for the future of networking 


When choosing Cloudflare over Zscaler, you will benefit from a network built to run every edge 
service on every server — globally. We bring the entire network to the cloud and enable Zero Trust 
with single-pass inspection, quickly connecting users, devices, workloads, offices, clouds, and data 
centers to resources, wherever they are located. It is easy to deploy and run, so you can take control 
and start modernizing your environment at your desired pace, without needing an infinite IT budget, 
a parade of expensive POCs, and multiple complex deployments to get there. 


Cloudflare - Unified 
A unified control plane provides single-pass inspection and trusted connectivity. 

Zscaler - Fragmented 
Meanwhile, a fragmented and stitched architecture increases complexity and can introduce additional risk. 

In a comparative sampling of data center locations, each Zscaler service runs in a subset of the locations, 
and only a subset of locations are available to every customer.* 


*As of Jan 2022: According to cloudflarestatus.com and cloudflare.com/network, Cloudflare has public data centers in 250+ cities. Many cities are served by 
more than one data center. According to trust.zscaler.com and config.zscaler.com, Zscaler has 73 public data centers in 55 cities with 13 data centers in no 
published clouds and 11 data centers with auto geo proximity disabled. The other claimed 77 data centers do not appear to be publicly documented. 

Fast-track your journey to secure 
any-to-any connectivity 


While Zero Trust principles remain the same 
across providers, implementation and ROI 
vary widely. 


Cloudflare uniformly connects and secures 
end-to-end using one network and control plane 
to provide a better experience for both your IT 
practitioners and end users. 


Cloudflare - Simple 


Cloudflare’s network, Zero Trust, and application 
edge services are natively integrated through a 
unified backend architecture. 

Is the deployment simple enough? 


Who would pick siloed services as a first 
choice? No one. That is why all Cloudflare 
on-ramps and edge services actually 
work together. 


Don’t wait weeks on white-glove support 
to start adoption. Our services platform is 
composable, so in just minutes and hours you 
are solving real use cases. 


Avoid bloated virtual machine deployment 
logistics. Speed setup time with software- 
only connectors and one-time integrations. 


Zscaler - Complex 


Zscaler’s network and Zero Trust services are 
stitched together and don’t completely cover 
remote users, plus application services are 
entirely siloed across multiple vendors. 

Only a better Internet can consistently protect your business 

Today, roughly 20% of all websites are routed through the Cloudflare network — using the same 
proxies that deliver Zero Trust for your business. 

Our end-to-end traffic automation ensures reliable and scalable network connectivity with 
consistent protection from any location. 


Is the network resilient enough? 

Security should not feel like a puzzle. Every edge service is built to run in every network 
location, available to every customer. 

We feature a 100% uptime SLA for paid plans that only an Anycast architecture can deliver. 
Other vendors cannot just add this to their platform later. 

Direct private interconnects keep your traffic away from the public Internet. This should be 
non-negotiable, but Zscaler does not offer it. 


Cloudflare - Resilient 
The Anycast architecture of the Cloudflare network delivers peace of mind. Should a regional 
issue occur, traffic automatically reroutes to keep edge services online. 

Zscaler - Vulnerable 
When service locations are limited, this can leave you vulnerable should a regional issue arise. 
If planned or unplanned outages co-occur across primary and secondary data centers, Zscaler 
services could experience avoidable downtime. 

Relentlessly stay ahead of modern business needs to secure your future 

Our future-proof architecture helps us build and ship very quickly — something we have 
established a solid reputation around. 

Check out our blog for proof! Pick a customer-led, agile provider with a lightning fast rate of 
change to innovate new networking, security, and application capabilities. 


Is the pace of innovation fast enough? 

We have one composable, developer-friendly cloud platform, not multiple fragmented clouds, 
that is extensible with any future edge service. 

We achieve rapid, native adoption of new Internet and security standards. 

Our history of technical prowess and growth speaks for itself, and our foundation provides 
extreme optionality. 

n and flexibility to secure your 
ight be. Cloudflare is known for 
adopting new technologies. 

You shouldn't have to prolong your wait for important new technology adoption, like fully 
integrating support for TLS 1.3 or IPv6. 


[Figure: Technology & vendor support is evolving. Tabs: IPv6, RPKI, IPFS. Panel: IPv6 
Connections and client-side traffic encryption. Labels: Standard; Fully encrypted; Lacks 
IPv6-only connection support; Semi-encrypted (footnote 1).] 

[Figure: Technology & vendor support is evolving. Tabs: TLS 1.3, ECH, QUIC. Panel: TLS 1.3 
Inspection. Timeline marks: Jan 2018, Aug 2018, Mar 2020, Jun 2021, Dec 2021, Mar 2022. 
Labels: Cloudflare Access launched; Standard; Cloudflare Gateway launched; TLS 1.3 used by 45% 
of Alexa 150k; Lacked true support; only could downgrade, bypass or block; ZIA-beta 
(footnote 2); ZIA-only (footnote 3).] 


1. Device client uses null-encrypted data channel for ZIA traffic. Only the TLS control channel 
is encrypted. 
2. The Zscaler Beta cloud for ZIA only has three data centers. 
3. Only applicable to ZIA traffic. For ZPA traffic, the device client uses a TLS 1.2 tunnel to 
encrypt data channel, but their cloud proxy does not inspect app-encrypted TLS 1.3 traffic. 

See how Cloudflare stacks up 


Deployment Simplicity 

On-ramps and services 
  Cloudflare: Composable and work together 
  Zscaler: Many run separate from others 

Security and connectivity 
  Cloudflare: End-to-end: User/workload-to-app plus WAN and apps 
  Zscaler: Limited: User/workload-to-app only 

Network and control plane 
  Cloudflare: Uniform, one network, one control plane 
  Zscaler: AWS/Azure-augmented network, many control planes 

Setup requirements 
  Cloudflare: Often clientless, VM-free software, one-time integrations 
  Zscaler: Often clients, VM sizing logistics, repeated integrations 


Network Resiliency 

Global connectivity 
  Cloudflare: Yes: Anycast architecture 
  Zscaler: No: Active/active local termination 

Bypass public Internet 
  Cloudflare: Yes: Private interconnects per customer to Cloudflare network 
  Zscaler: No: Private service VMs bypass Zscaler cloud, not the Internet 

Network location availability 
  Cloudflare: Every location available to every customer 
  Zscaler: Only a subset of locations available to every customer 

Service availability 
  Cloudflare: Every edge service built to run in every network location 
  Zscaler: Each service runs in a subset of network locations 


Innovation Velocity 

Cloud-native architecture 
  Cloudflare: One cloud platform with uniform edge service availability 
  Zscaler: Many clouds with fragmented service availability 

Developer-friendly platform 
  Cloudflare: Composable and extensible with any future edge service 
  Zscaler: Bolted on for too long, loosely integrated years later 

New Internet and security standards 
  Cloudflare: Rapidly adopted, often contribute to designing them 
  Zscaler: Some introduced years later 

ZTNA and SWG development 
  Cloudflare: Built in four and two years, respectively 
  Zscaler: Built in six and 14 years, respectively 


Why wait and pay to try Zscaler when 
you can start our free plan in minutes? 

See how simple it is 